Release 16 EP6 - What's New in EnCase & Tableau
OpenText Confidential. ©2019 All Rights Reserved.
Recent Releases
EnCase™ Forensic Tableau Hardware
EnCase™ Endpoint Investigator EnCase™ Endpoint Security
Forensic
Security
Forensic
The industry gold standard for
scanning, searching, collecting and
securing forensic data for internal
investigations and law enforcement
• Forensically sound acquisition of
evidence
• Deep forensic analysis
• Broad OS support
• Unmatched decryption
• Powerful evidence processing
• Mobile collection for 27,000+ profiles
• Flexible reporting options
• Court proven
Key benefits of EnCase Forensic
• Offering the broadest support of operating and file systems, artifacts and encryption types,
EnCase Forensic enables the investigator to provide conclusive results with a detailed
analysis of findings
• Supports APFS (Apple File System), helping investigators conduct targeted data collections
from APFS and send the output as an EnCase logical evidence file
• The enhanced indexing engine processes data quickly, helping organizations and government
agencies save costs by resolving incidents faster than ever
• EnCase offers industry leading training and certification (EnCE)
• No other solution offers the same level of functionality, flexibility or track record of court
acceptance. EnCase Forensic has been cited in thousands of court cases
Key differentiators of EnCase Forensic
What’s new in EnCase Forensic 8.09
● EnCase processor auditing and logging capabilities
✦ Monitor and track progress of your case in EnCase
✦ Read logs in a text file, or a logging platform such as Splunk or Kibana
✦ More streamlined workflow
✦ Improved efficiency
● Checkpoint Encryption support
✦ Added Checkpoint Encryption support
✦ Ability to efficiently parse through evidence without reliance on third-party tools to decrypt
● E-mail artifacts
✦ Support for the PST artifacts for Outlook 2013, 2016, and Office 365
✦ Ability to parse through different artifacts such as emails, calendar entries, contacts etc.
● Internet artifacts
✦ Ability to parse through artifacts in Firefox up to version 62
Voted by the forensic community
Unprecedented wins for 10 years in a row!
Best Forensic Solution for 10 years in a row!
2019 EnCase
2018 EnCase
2017 EnCase
2016 EnCase
2015 EnCase
2014 EnCase
2013 EnCase
2012 EnCase
2011 EnCase
2010 EnCase
Built for use both in the field and in
the lab, Tableau hardware meets
the critical needs of the digital
forensic community worldwide by
solving the challenges of forensic
data acquisition
Tableau Hardware
Most comprehensive forensic hardware product line
Software Utilities
Extends the hardware
value through
complementary
software applications.
Forensic Bridges
Reliable, hardware-
based write-blocked
access to digital media
in portable and
integrated form factors.
Forensic Imagers
Standalone, high-
performant forensic
imaging and triage of
physical media and
network shares.
Password
Recovery
Accelerates brute-
force password attack
performance through
custom hardware in
collaboration with
Passware and
EnCase.
Accessories
Custom-designed
adapters and cables
enable acquisition of
numerous media
types.
What’s new in Tableau Hardware
● Save and manage logical image search sets on
Tableau Forensic Imager (TX1)
✦ Ability to customize, name, and save logical imaging search
parameters for reuse
✦ Saves time and improves efficiency
● Secure device access on TX1
✦ Addition of a lock screen with PIN code
✦ Provides forensic examiners the ability to lock their screen while
they are away from the device
● Display list of CIFS shares on server with TX1
✦ Enhanced mounting of network shares is now available, using
CIFS (Common Internet File System) or iSCSI (Internet Small
Computer Systems Interface) as Source or Destination
Tableau Forensic Imager (TX1)
What’s new in Tableau Hardware
● Two new Tableau drive adapters
✦ mSATA / M.2 SATA SSD
✦ PCIe U.2 SSD adapter
Endpoint Investigator
The most powerful and efficient
solution for corporations and
government agencies to perform
remote, discreet and secure internal
investigations without disrupting
employee productivity or day-to-day
operations.
Differentiated features
● Kernel-level agent-based access across the widest range of files
and OS – now allowing for offline collection
● Templates and workflows for most common investigative tasks
● Roles and permissions to ensure authorized access to endpoints
● Complete access to disk, memory, and email
Endpoint Investigator
Key benefits
● Discreet, off-the-network collection capability
● Broad OS support across various devices
● Remote device access across geographies
● Forensically sound collection
Endpoint Investigator
Investigate everywhere with the most supported digital
investigations solution available
Endpoint Investigator
What’s New in v8.09
• Splunk integration – logging and auditing
• Microsoft PST 2013, 2016, 365 support
• Firefox artifact update
• Linux RAM and process acquisition
• McAfee ePO support
EnCase
Investigate Everywhere.
Any OS | Any Repository | Any Cloud Source
Avoid investigation roadblocks with the most supported
digital investigation solution available
OpenText EnCase Endpoint Investigator
Endpoint Security
The most complete threat detection
and response solution—eliminating
the time it takes to detect, validate,
triage, investigate, and remediate
known and unknown threats lurking
across the enterprise, unseen by
perimeter and network solutions.
Detect sooner
• Expose unknown risks or threats with behavioral and anomaly-based
detection
• Endpoint acts as the last line of defense for detecting threats missed by
other security tools
• Reduce the time to discover a compromise
Respond faster
• Increase efficiency and ROI with on-demand and automated response
• Reduce the total time and costs of response
• 89% reduction in time to triage and validate alerts, events and threats
Recover effectively
• Surgically remediate a threat completely, reducing time to recovery by
90%
• Eliminate the wipe and reimage process and gain an increase in uptime by
98% for affected devices with no loss of productivity
• Accurately assess impact to sensitive data and clean up data spillage
ENDPOINT
DETECTION &
RESPONSE
Close the security gap with
proactive threat detection, alert
triage and incident response
Endpoint Security
EnCase Endpoint
Security Dashboards help
security teams quickly
prioritize alerts and make
evidence-based decisions
to investigate or
remediate threats.
Advanced Threat
Detection
Forensic-grade
Response
Endpoint Security 6.
What’s New in v6.06
● Continuous endpoint
monitoring, at scale
● Endpoint isolation &
containment
● Plus general user
improvements, including:
- Targeted deployment
- Endpoint health status
- Memory acquisition
Scans Every Five Minutes
All endpoints with the enhanced
agent will take snapshots at five
minute intervals, regardless of the
frequency set in the wizard. The
metadata collected will be run
against the anomaly filters
deployed to that endpoint.
Targeted Anomaly Detection
The enhanced agent is not
designed for telemetry. It is built
specifically to alert analysts to
anomalous behavior on those
endpoints where it’s been
deployed. This allows for scalability
and limits alert fatigue, making it a
valuable, efficient threat detection
solution.
A Truly Active Agent
The enhanced agent for Endpoint
Security is not designed for one-off
use cases. It is an active agent that
once deployed, continues to work
around the clock to detect
anomalies, both online and off. The
enhanced agent only rests if an
anomaly is detected.
The Enhanced Agent & Endpoint Security
• Earlier detection for anomalies indicative of a security
breach
• Faster response to malicious activity – reducing triage time
by up to 90%
• More efficient recovery from security incidents by
approximately 77%
• Greater visibility via continuous monitoring of endpoints
Key benefits Endpoint Security
Editor's Notes
General EI
What value does EnCase Endpoint Security add to security teams?
on existing staff and technology with automated response scenarios, allowing point-in-time alert validation, threats to be verified, and the organizational impact to be determined
Refer to Gartner 5-Styles of Advanced Threat Defense
Happening on the endpoint, it exists.
Provides insights regardless of point in security strategy and can help if in creation
Refer to Security integrations or lack of.
IR teams get massive capability and results
Wipe and reimage
EDR market to address these needs
Reduce the mean time to respond to hours or days
Used by Security, CIRT and Compliance teams to reduce time to discovery of threats in corporations of all sizes and industries, including Government agencies
Detect Sooner. Baseline all endpoint activity to identify gaps in security policies, and reduce the time to discovery through detection of unknown risks or threats
Reduce the risk of data leakage by locating proprietary or sensitive data and initiating removal from unauthorized endpoints
Respond Faster. Increase efficiency and ROI on existing staff and technology with automated response scenarios, allowing point-in-time alert validation, threats to be verified and the organizational impact to be determined
Recover Effectively. Securely erase exact matches or morphed instances of a threat without wipe and reimage
Gain visibility where you need it most, the endpoint
Detect unknown threats missed by other security technologies in a highly visual form
Detect anomalous activity relating to insider or external threats
Identify gaps in security policies and frameworks
Reduce time of breach discovery from months
No use of signatures, heuristics or policies
Arm security analysts and response teams
Integration with alerting technologies for response automation and
captures time sensitive data at the point of the alert
decreases false positive events
enhances ROI of existing technologies
Eliminate the TIME delay between compromise, detection and response
Reduce the COST and overhead of incident response leveraging existing people and technologies
Endpoint Sensitive Data Discovery
Mitigate the RISK of sensitive data in unauthorized locations
Reduce the TIME it takes to locate sensitive data and enforce regulatory and policy compliance
Reduce the COST associated with data discovery processes that don’t easily scale and lack definitive enforcement
No. #1 EDR Tech